© All Rights Reserved

278 views

© All Rights Reserved

- BT0086 : Mobile Computing - Assignment
- BT0087 : WML and WAP Programing - Theory - Assignment
- BT0086
- BT9001 : Data Mining - Assignment
- SFAAAT0088 Cryptography and Network Security Assignment Copy
- SMU BCA 5th Sem 2011 VB.Net And Xml
- bt0087
- BT8902
- Project and Assignment
- BT8903 : C# Programming - Assignment
- Solved, BT0088
- Solved, BT0087
- INFORMATION SECURITY
- Cryptography
- Solved. BT8902
- BT0091 - WML and WAP Programming – Practical
- BT0092
- Solved,BT9003
- Solved, BT0086
- BScIT Programme Guide-Final

You are on page 1of 6

applications continue to multiply on the Internet, with immediate benefits to end users.

However, these network-based applications and services can pose security risks to

individuals and to the information resources of companies and governments. Information is

an asset that must be protected. Without adequate network security, many individuals,

businesses, and governments risk losing that asset is called attack.

Types of Threats

Interception: This type of threat occurs when an unauthorized party (outsider) has

gained access. The outside party can be a person, a program, or a computing

system. Examples of this type of failure are illicit copying of program or data files, or

wiretapping to obtain data in a network. Although a loss may be discovered fairly

quickly, a silent interceptor may leave no traces by which the interception can be

readily detected. When an unauthorized party modifies or corrupts the asset, the

threat is a modification. For example, someone might change the values in a

database, alter a program so that it performs an additional computation. It is even

possible to modify hardware. Only some cases are detected easily using simple

measures, but others are almost impossible to detect.

Interruption: This occurs when an asset of the system becomes lost, unavailable, or

unusable. An example is the malicious destruction of a hardware device, erasure of a

program or data file, or malfunction of an operating system file manager so that it

cannot find a particular disk file. The useful means of classifying security attacks is in

terms of passive attacks and active attacks. A passive attack attempts to learn or

make use of information from the system but does not affect the system resources.

An active attack attempts to alter system resources or affect their operation.

1

Question 2 - What is security attack? Explain with examples.

When you test any computer system, one of your jobs is to imagine how the system could

malfunction. Then, you improve the system's design so that the system can withstand any of

the problems you have identified. In the same way, we analyze a system from a security

perspective, thinking about the ways in which the system's security can malfunction and

diminish the value of its assets. Any action that compromises the security of information

owned by an organization is called security attack. Those who execute such actions, or

cause them to be executed, are called attackers or opponents.

Computer-based system has three interrelated and valuable components namely, hardware,

software, and data. Each of these assets offers value to different members of the community

affected by the system. To analyze security, we can brainstorm about the ways in which the

system or its information can experience some kind of loss or harm. For example, we can

identify data whose format or contents should be protected in some way. We want our

security system to make sure that no data is disclosed to an unauthorized parties. Neither do

we want the data being modified in illegitimate ways nor do we want the illegitimate users to

access the data. By this we identify weaknesses of a system.

i.e. A process whereby a person compromises your computer by installing harmful malicious

software in your computer without your knowledge. These malicious software includes

viruses, spywares, adwares, and trojan horses. These software often deletes certain vital

files on your computer, making your computer to function abnormally, spying on your online

surfing habits, and cause advertisements to pop up on your screen when you are online.

2

Question 3 - Explain different characteristics that identify a good encryption technique.

formulated with hand implementation in mind: A complicated algorithm is prone to

error or likely to be forgotten. With the development and popularity of digital

computers, algorithms far too complex for hand implementation became feasible.

Still, the issue of complexity is important. People will avoid an encryption algorithm

whose implementation process severely hinders message transmission, thereby

undermining security. And a complex algorithm is more likely to be programmed

incorrectly.

The enciphering algorithm and set of keys used should be less complex. This

principle implies that we should restrict neither the choice of keys nor the types of

plaintext on which the algorithm can work. For instance, an algorithm that works only

on plaintext having an equal number of As and Es is useless. Similarly, it would be

difficult to select keys such that the sum of the values of the letters of the key is a

prime number. Restrictions such as these make the use of the encipherment

prohibitively complex. If the process is too complex, it will not be used. Furthermore,

the key must be transmitted, stored, and remembered, so it must be short.

The amount of secrecy needed should determine the amount of labor appropriate for

the encryption and decryption. Principle 1 is a reiteration of the principle of timeliness

and of the earlier observation that even a simple cipher may be strong enough to

deter the casual interceptor or to hold off any interceptor for a short time.

Errors in ciphering should not propagate and cause corruption of further information

in the message. Principle 4 acknowledges that humans make errors in their use of

enciphering algorithms. One error early in the process should not throw off the entire

remaining ciphertext.

The size of the original message and that of enciphered text should be at most same.

The idea behind principle 5 is that a ciphertext that expands dramatically size cannot

possibly carry more information than the plaintext, yet it gives the cryptanalyst more

data from which to infer a pattern. Furthermore, a longer ciphertext implies more

space for storage and more time to communicate.

3

Question 4 - Compare Symmetric and Asymmetric Encryption Systems.

Based on Key

We have two types of encryptions based on keys they are symmetric (also called "secret

key") and asymmetric (also called "public key"). Symmetric algorithms use one key, which

works for both encryption and decryption. Usually, the decryption algorithm is closely related

to the encryption one. (For example, the Caesar cipher with a shift of 3 uses the encryption

algorithm "substitute the character three letters later in the alphabet" with the decryption

"substitute the character three letters earlier in the alphabet.") The symmetric system means

both encryption and the decryption are performed using the same key. They provide a two-

way channel to their users: A and B share a secret key, and they can both encrypt

information to send to the other as well as decrypt information from the other. As long as the

key remains secret, the system also provides authentication, proof that a message received

was not fabricated by someone other than the declared sender. Authenticity is ensured

because only the legitimate sender can produce a message that will decrypt properly with

the shared key. The symmetry of this situation is a major advantage of this type of

encryption, but it also leads to a problem: key distribution. How do A and B obtain their

shared secret key? And only A and B can use that key for their encrypted communications. If

A wants to share encrypted communication with another user C, A and C need a different

shared key. Key distribution is the major difficulty in using symmetric encryption. In general,

n users who want to communicate in pairs need n * (n 1)/2 keys. In other words, the

number of keys needed increases at a rate proportional to the square of the number of

users! So a property of symmetric encryption systems is that they require a means of key

distribution.

Based on Block

Block based encryption system is classified as stream and block encryption system. Stream

encryption algorithm convert one symbol of plaintext immediately into a symbol of ciphertext.

(The exception is the columnar transposition cipher.) The transformation depends only on

the symbol, the key, and the control information of the encipherment algorithm. Some kinds

of errors, such as skipping a character in the key during encryption, affect the encryption of

all future characters. However, such errors can sometimes be recognized during decryption

because the plaintext will be properly recovered up to a point, and then all following

characters will be wrong. If that is the case, the receiver may be able to recover from the

error by dropping a character of the key on the receiving end. Once the receiver has

successfully recalibrated the key with the ciphertext, there will be no further effects from this

error. In the columnar transposition, the entire message is translated as one block. The

block size need not have any particular relationship to the size of a character. Block ciphers

work on blocks of plaintext and produce blocks of ciphertext, as shown in figure 3.2. In this

figure, the central box represents an encryption machine: The previous plaintext pair is

converted to po, the current one being converted is IH, and the machine is soon to convert

ES.

4

Question 5 - Give the Overview of DES Algorithm.

technique. The strength of DES technique is improved when it uses both the techniques

together. It uses both the technique repeatedly i.e., one on the top of other for a total of 16

cycles. The sheer complexity of tracing a single bit through 16 iterations of substitutions and

transpositions has so far stopped researchers in the public from identifying more than a

handful of general properties of the algorithm. The algorithm begins by encrypting the

plaintext as blocks of 64 bits. The key is 64 bits long, but in fact it can be any 56-bit number.

(The extra 8 bits are often used as check digits and do not affect encryption in normal

implementations.) The user can change the key at will any time there is uncertainty about

the security of the old key.

DES uses only standard arithmetic and logical operations on numbers up to 64 bits long, so

it is suitable for implementation in software on most current computers. Although complex,

the algorithm is repetitive, making it suitable for implementation on a single-purpose chip.

5

Question 6 - Explain RSA technique with an example.

RSA is an exponentiation cipher. You have to follow the following two steps.

1. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the

number of numbers less than n with no factors in common with n.

Example: Let n = 10. The numbers that are less than 10 and are relatively prime to

(have no factors in common with) n are 1, 3, 7, and 9. Hence,

(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4,

5, 8, 10, 11, 13, 16, 17, 19, and 20. So (21) = 12.

2. Choose an integer e < n that is relatively prime to (n). Find a second integer d such

that ed

mod (n) = 1. The public key is (e, n), and the private key is d.

Let m be a message. Then:

c = me mod n

and

m = cd mod n.

Example: Let p = 7 and q = 11. Then n = 77 and (n) = 60. Alice chooses e = 17, so

her private

key is d = 53. In this cryptosystem, each plaintext character is represented by a

number

between 00 (A) and 25 (Z); 26 represents a blank. Bob wants to send Alice the

message

"HELLO WORLD." Using the representation above, the plaintext is 07 04 11 11 14 26

22 14 17

11 03. Using Alice's public key, the ciphertext is

0717 mod 77 = 28

0417 mod 77 = 16 1117 mod 77 = 44 ... 0317 mod 77 = 75 or 28 16 44 44 42 38 22

42 19 44 75.

In addition to confidentiality, RSA can provide data and origin authentication. If Alice

enciphers her message using her private key, anyone can read it, but if anyone alters it, the

(altered) ciphertext cannot be deciphered correctly. Example: Suppose Alice wishes to send

Bob the message "HELLO WORLD" in such a way that Bob will be sure that Alice sent it.

She enciphers the message with her private key and sends it to Bob. As indicated above, the

plaintext is represented as 07 04 11 11 14 26 22 14 17 11 03. Using Alice's private key, the

ciphertext is 0753 mod 77 = 35 0453 mod 77 = 09 1153 mod 77 = 44 ... 0353 mod 77 = 05

or 35 09 44 44 93 12 24 94 04 05.

- BT0086 : Mobile Computing - AssignmentUploaded byPawan Mall
- BT0087 : WML and WAP Programing - Theory - AssignmentUploaded byPawan Mall
- BT0086Uploaded byManish Kumar
- BT9001 : Data Mining - AssignmentUploaded byPawan Mall
- SFAAAT0088 Cryptography and Network Security Assignment CopyUploaded byCee Kay MuZiK
- SMU BCA 5th Sem 2011 VB.Net And XmlUploaded byManoj Yadav
- bt0087Uploaded byManish Kumar
- BT8902Uploaded byManish Kumar
- Project and AssignmentUploaded bySmu Doc
- BT8903 : C# Programming - AssignmentUploaded byPawan Mall
- Solved, BT0088Uploaded byArvind K
- Solved, BT0087Uploaded byArvind K
- INFORMATION SECURITYUploaded byEugene Muketoi
- CryptographyUploaded byvirus0623
- Solved. BT8902Uploaded byArvind K
- BT0091 - WML and WAP Programming – PracticalUploaded bycahmadh
- BT0092Uploaded byManish Kumar
- Solved,BT9003Uploaded byArvind K
- Solved, BT0086Uploaded byArvind K
- BScIT Programme Guide-FinalUploaded byVijay Khara
- AssignmentsUploaded byMinhaz Alam
- 4.3 TRB POLYTECHNIC SYLLABUS..pdfUploaded byAnonymous WCSYkPp
- MC0071 - Set 2Uploaded bynikeneel
- BscIT 5thUploaded byHuzefa Kothalia
- BT0087 Assignment Spring 2013Uploaded byprince007don
- ns-bsc-it-oct-2014.pdfUploaded byRaj Khanna
- Module 1 Ict on SocietyUploaded byemygerald
- Review Paper on LSB and DCT technique of Image SteganographyUploaded byInternational Journal for Scientific Research and Development - IJSRD
- E SecurityUploaded byAmit Nepal
- CryptographyUploaded byLakshya Mahani

- Symmetric Key Generation Algorithm in Linear Block Cipher Over LU Decomposition MethodUploaded byEditor IJTSRD
- Colour Pass System for User AuthenticationUploaded byIJSTE
- jan-feb-2017Uploaded byalehap
- ALOHA LOAD BALANCER SSH PUBLIC KEY ACCESSUploaded byTed G. Freitas
- T05 Security Fund Block I v7Uploaded bynacho1963
- Final-Print.pdfUploaded byvinoth1128
- Two Factor AuthenticationUploaded byPistolStar Tailored Authentication
- WannaCry Cybereason ReportUploaded bykavi_mt2008
- A Self-Destruction System for Dynamic Group Data Sharing in CloudUploaded byInternational Journal of Research in Engineering and Technology
- Cfml Developer Security GuideUploaded bycool10148
- Hacked AfadiaUploaded bydelete_user
- websystique_springsecurity_oauth2Uploaded bybreno jeronimo
- This Code Injection Technique can Potentially Attack All Versions of Windows.pdfUploaded byfunmiBash
- The MD5 Encryption Technique PresentationUploaded bySwapnil Bhatnagar
- Internet SecurityUploaded byannelireino
- Syllabus_PWDUploaded byAkiNiHandiong
- wlan (1)Uploaded byVaibhav Mishra
- Cyber War 1ACUploaded byKushal Marri
- Des 1Uploaded bySumit Balguvhar
- CCNA Security V3 Workbook DemoUploaded byKartik Iyer
- Newspaper NotesUploaded byBakarchodBc
- The Art of DeceptionUploaded byjnkeragasani
- Recommendations on the Future of EU-Australia RelationsUploaded byAdrian Plevin
- Securing ATM With OTP and BiometricUploaded byEditor IJRITCC
- 01 Introduction to Linux Host SecurityUploaded bySimona Marin
- Generation of Cryptographic Key and Fuzzy VaultUploaded bypriyakapoor77
- SECURING THE NETWORK USING AUTHENTICATION KEY EXCHAGE PROTOCOLSUploaded byvamsi
- Critical Security Controls - Fall-2014-PosterUploaded bygr3atwhit3
- Readme FirstUploaded byCerceja Bogdan
- CS 413 - Computer Security - Assignement Question and AsnwersUploaded byCollins Jnr Fish